Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: generating a first security key in a dedicated partition on a wireless node, the dedicated partition isolated from a host operating system on the wireless node; performing a 4-way handshake between the dedicated partition on the wireless node and an access point (“AP”) utilizing the first security key; and generating a transient session security key in the dedicated partition, wherein the dedicated partition is to be accessed by a processor dedicated exclusively to managing the wireless node via the dedicated partition, wherein the first security key is not to be shared with any authentication server, and wherein the transient session security key is to protect confidentiality and integrity of all data communication between the wireless node and the AP during a single session.
2. The method according to claim 1 wherein generating the first security key further comprises the host operating system offloading generation of the first security key to the dedicated partition.
3. The method according to claim 2 wherein offloading generation of the first security key to the dedicated partition is achieved utilizing a cryptographic offload mechanism.
4. The method according to claim 1 wherein generating the first security key comprises generating a Pairwise Master Key (“PMK”) and generating the transient session security key comprises generating at least one Pairwise Transient Key (“PTK”).
5. The method according to claim 4 further comprising storing the PTK in a key store on the wireless node.
6. The method according to claim 5 further comprising providing an identification corresponding to the PTK to the host operating system, the host operating system capable of utilizing the identification to tag data frames for encryption.
7. The method according to claim 6 wherein the data frames tagged for encryption may be encrypted in one of the dedicated partition or a network adapter on the wireless node.
8. The method according to claim 1, wherein the dedicated partition comprises an Active Management Technologies (AMT) partition that is a virtualized partition.
9. The method according to claim 1 wherein generating the first security key in the dedicated partition comprises generating the first security key in an unsecure partition and securely transferring the first security key to the dedicated partition.
10. The method according to claim 1 wherein the 4-way handshake is defined by an 802.11 protocol.
11. The method of claim 1, wherein the transient session security key is to enable the wireless node and the AP to confirm that they are not communicating with a replayed session.
12. A system comprising: a hardware memory device to store a host partition to facilitate running a host operating system and an application; and a dedicated partition isolated from the host partition, the dedicated partition capable of generating a first security key, the first security key for performing a 4-way handshake between the dedicated partition and an access point (“AP”) to generate at least one transient session security key, wherein the dedicated partition is to be accessed by a processor dedicated exclusively to managing a wireless node via the dedicated partition, wherein the first security key is not to be shared with any authentication server, and the transient session security key is to protect confidentiality and integrity of all data communication between the wireless node and the AP during a single session.
13. The system according to claim 12 further comprising: a key store isolated from the host partition, the key store capable of securely storing the at least one transient session security key.
14. The system according to claim 13 wherein the dedicated partition is capable of providing the host operating system with an identifier corresponding to the at least one transient session security key, the host operating system capable of utilizing the identification to tag data frames for encryption.
15. The system according to claim 14 further comprising a network adapter, wherein the data frames tagged for encryption may be encrypted in one of the dedicated partition or the network adapter.
16. The system according to claim 12 wherein the first security key includes a Pairwise Master Key (“PMK”) and the at least one transient session security key includes at least one Pairwise Transient Key (“PTK”).
17. The system according to claim 12 wherein the dedicated partition is to comprise an Active Management Technologies (AMT) partition that is a VM running in a virtualized environment.
18. The system of claim 12, wherein the transient session security key is to enable the wireless node and the AP to confirm that they are not communicating with a replayed session.
19. An article comprising a non-transitory machine-accessible medium having stored thereon instructions that, when executed by a machine, cause the machine to: generate a first security key in a dedicated partition on a wireless node, the dedicated partition isolated from a host operating system on the wireless node; perform a 4-way handshake between the dedicated partition on the wireless node and an access point (“AP”) utilizing the first security key; and generate a transient session security key within the dedicated partition, wherein the dedicated partition is to be accessed by a processor dedicated exclusively to managing a wireless node via the dedicated partition, wherein the first security key is not to be shared with any authentication server, and the transient session security key is to protect confidentiality and integrity of all data communication between the wireless node and the AP during a single session.
20. The article according to claim 19, wherein the instructions, when executed by the machine, further cause the machine to generate the first security key by the host operating system offloading generation of the first security key to the dedicated partition.
21. The article according to claim 19, wherein the instructions, when executed by the machine, further cause the machine to generate the first security key comprising a Pairwise Master Key (“PMK”) and generate the transient session security key comprising at least one Pairwise Transient Key (“PTK”).
22. The article according to claim 21, wherein the instructions, when executed by the machine, further cause the machine to provide an identification corresponding to the PTK to the host operating system, the instructions further capable of causing the host operating system to utilize the identification to tag data frames for encryption.
23. The article according to claim 21, wherein the instructions, when executed by the machine, further cause the machine to store the PTK in a key store on the wireless node.
24. The article according to claim 19, wherein the instructions, when executed by the machine, further cause the machine to encrypt the data frames tagged for encryption in one of the dedicated partition or a network adapter on the wireless node.
25. The article according to claim 19, wherein the instructions, when executed by the machine, further cause the machine to generate the first security key in the dedicated partition by generating the first security key in an unsecure partition and securely transferring the first security key to the dedicated partition.
26. The article according to claim 19 wherein the instructions, when executed by the machine, further cause the machine to perform the 4-way handshake according to an 802.11 protocol.
27. The article according to claim 19, wherein the transient session security key is to enable the wireless node and the AP to confirm that they are not communicating with a replayed session.
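The key flow the claims describe, as an added illustration that is not code from the patent or its assignee: a Python model in which a WPA2-PSK PMK and the PTK derived during the 4-way handshake exist only inside a dedicated partition, the host OS receives only an opaque handle with which it tags frames for encryption, and the AP rejects a replayed handshake message and replayed or forged frames. PRF-512 and the PTK inputs follow IEEE 802.11; the EAPOL MIC is computed over the SNonce alone, only messages 1 and 2 of the handshake are modelled, the frame cipher is a hash-based stand-in for CCMP, and every class, method and sample value is an assumption.

```python
import hashlib, hmac, os
def prf512(pmk, label, data):
    """IEEE 802.11 PRF-512: HMAC-SHA1(PMK, label || 0x00 || data || i) for i = 0..3, cut to 64 bytes."""
    return b"".join(hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4))[:64]
def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max(AA, SPA) || min/max(ANonce, SNonce))."""
    return prf512(pmk, b"Pairwise key expansion", min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce))
def eapol_mic(ptk, body):
    """EAPOL-Key MIC under the KCK (PTK bytes 0..15); simplified here to cover only the SNonce."""
    return hmac.new(ptk[:16], body, hashlib.sha1).digest()[:16]
def xor_stream(tk, pn, data):
    """Stand-in for CCMP counter mode (not the real cipher): SHA-256(TK || PN || i) keystream."""
    ks = b"".join(hashlib.sha256(tk + pn.to_bytes(6, "big") + bytes([i])).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))
def frame_tag(tk, pn, body):
    """Integrity tag over packet number and ciphertext (stand-in for the CCMP MIC)."""
    return hmac.new(tk, pn.to_bytes(6, "big") + body, hashlib.sha256).digest()[:8]
class DedicatedPartition:
    """Isolated partition (claims 1, 12): holds the PMK and PTK; the host OS only ever receives a handle."""
    def __init__(self, spa, passphrase, ssid):
        self.spa, self.keystore, self.pn = spa, {}, 0
        self.pmk = hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)  # WPA2-PSK PMK, never leaves here
    def handshake_msg2(self, aa, anonce):
        """Answer 4-way handshake message 1 with a fresh SNonce and MIC; the PTK goes into the key store."""
        snonce = os.urandom(32)
        ptk = derive_ptk(self.pmk, aa, self.spa, anonce, snonce)
        handle = os.urandom(4).hex()  # opaque identifier handed to the host for tagging frames (claims 6, 14)
        self.keystore[handle] = ptk
        return handle, snonce, eapol_mic(ptk, snonce)
    def send(self, handle, frame):
        """The host tags a frame with the handle; encryption happens here, not in the host (claim 7)."""
        tk, self.pn = self.keystore[handle][32:48], self.pn + 1  # TK = PTK bytes 32..47
        body = xor_stream(tk, self.pn, frame)
        return self.pn, body, frame_tag(tk, self.pn, body)
class AccessPoint:
    """AP side: same PSK-derived PMK, fresh ANonce per association, packet-number replay check."""
    def __init__(self, aa, passphrase, ssid):
        self.aa, self.anonce, self.ptk, self.last_pn = aa, os.urandom(32), None, 0
        self.pmk = hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)
    def accept_msg2(self, spa, snonce, m):
        """Derive the same PTK and check the MIC; a replayed message 2 fails against a fresh ANonce (claim 11)."""
        ptk = derive_ptk(self.pmk, self.aa, spa, self.anonce, snonce)
        self.ptk = ptk if hmac.compare_digest(eapol_mic(ptk, snonce), m) else self.ptk
        return self.ptk is ptk
    def receive(self, pn, body, t):
        """Drop replayed (non-increasing PN) or forged frames, then decrypt with the session TK."""
        tk = self.ptk[32:48]
        if pn <= self.last_pn or not hmac.compare_digest(frame_tag(tk, pn, body), t):
            return None
        self.last_pn = pn
        return xor_stream(tk, pn, body)
```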
April 16, 2013